Monthly Archives: April 2014

Episode #177: There and Back Again

Hal finds some old mail

Way, way back after Episode #170 Tony Reusser sent us a follow-up query. If you recall, Episode #170 showed how to change files named "fileaa", "fileab", "fileac", etc to files named "file.001", "file.002", "file.003". Tony's question was how to go back the other way-- from "file.001" to "fileaa", "file.002" to "fileab", and so on.

Why would we want to do this? Heck, I don't know! Ask Tony. Maybe he just wants to torture us to build character. Well we here at Command Line Kung Fu fear no characters, though we may occasionally lose reader emails behind the refrigerator for several months.

The solution is a little scripty, but I did actually type it in on the command line:

    c=1
for l1 in {a..z}; do
for l2 in {a..z}; do
printf -v ext %03d $(( c++ ))
[[ -f file.$ext ]] && mv file.$ext file$l1$l2 || break 2
done
done

There are two nested loops here which work together to create our alphabetic file extensions. $l1 represents the first of the two letters, ranging from 'a' to 'z'. $l2 is the second letter, also ranging from 'a' to 'z'. Put them next to each other and you get "aa", "ab", "ac", etc.

Like Episode #170, I'm using a counter variable named $c to track the numeric file extension. So, for all you computer science nerds, this is a rather weird looping construct because I'm using three different loop control variables. And weird is how I roll.

Inside the loop, I re-use the code from Episode #170 to format $c as our three-digit file extension (saved in variable $ext) and auto-increment $c in the same expression. Then I check to see if "file.$ext" exists. If we have a "file.$ext", then we rename it to "file$l1$l2" ("fileaa", "fileab", etc). If "file.$ext" does not exist, then we've run out of "file.xxx" pieces and we can stop looping. "break 2" breaks out of both enclosing loops and terminates our command line.

And there you go. I hope Tim has as much fun as I did with this. I bet he'd have even more fun if I made him do it in CMD.EXE. Frankly all that PowerShell has made him a bit sloppy...

Tim mails this one in just in time from Abu Dhabi

Wow, CMD huh? That trip to Scriptistan must have made him crazy. I think a CMD version of this would violate the laws of physics.

I'm on the other side of the world looking for Nermal in Abu Dhabi. Technically, it is May 1 here, but since the publication date shows April I think this counts as our April post. At least, that is the story I'm sticking to.

Sadly, I too will have to enter Scriptistan. I have a visa for a long stay on this one. I'll start by using a function to convert a number to Base26. The basis of this function is taken from here. I modified the function so we could add leading A's to adjust the width.

function Convert-ToLetters ([parameter(Mandatory=$true,ValueFromPipeline=$true)][int] $Value, [int]$MinWidth=0) {
$currVal = $Value
if ($LeadingDigits -gt 0) { $currVal = $currVal + [int][Math]::Pow(26, $LeadingDigits) }
$returnVal = '';
while ($currVal -ge 26) {
$returnVal = [char](($currVal) % 26 + 97) + $returnVal;
$currVal = [int][math]::Floor($currVal / 26)
}
$returnVal = [char](($currVal) + 64) + $returnVal;

return $returnVal
}

This allows me to cheat greatly simplify the renaming process.

PS C:\> ls file.* | % { move $_ "file.$(Convert-ToLetters [int]$_.Extension.Substring(1) -MinWidth 3 )" }

This command will read the files starting with "file.", translate the extension in to Base26 (letters), and rename the file. The minimum width is configurable as well, so file.001 could be file.a, file.aa, file.aaa, etc. Also, this version will support more than 26^2 files.

CVE-2014-0112 (struts)

ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

CVE-2014-0113 (struts)

CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

Android.Trojan.Rubobi.A (SmsPiratBot)

Another Android botnet dumped recently.
This malware can send and intercept sms from bots.
Like most of android botnets, they are used mainly to target mobile banks like Sberbank (www.sberbank.ru - the biggest bank in Russia)
In Russia, you can transfer money from one card to another card through mobile sms
This botnet is sold 120$

Fake App:
MD5: 2ea5e73653d1454c04ecd48202dcc391

Login:

System Stats:

Countries:

Operators:

Task Stats:

Task Editor:

Blacklist:

Stored SMS:

Another panel:

Structure:

Lame scareware

I've found a sample yesterday downloaded via this url: skyways.co/play.exe, console application, and ugly code + scareware and third party FakeAV call center.
All the following was so lame that i need to talk about this.


 At first the malware will try to see if he's dropped into %SYSTEMROOT%/system/
If it's not the case then he will create a file:

Then, you think he will write into the new file created but nope, he add a registry persistence, by using the api CreateProcess (oh god, why) instead of using RegCreateKey:

Wrote finally the file:

Wait 5 minutes then display a message box:
"Your computer's file system has encountered a serious error. Please restart the computer or call support at 1-866-286-6162"

After a reboot, a shutdown procedure is initialized:


And 5 minutes after, once again the messagebox:


I searched the phone number on google and found this:
"Technicion is an independent provider of on-demand tech support and not affiliated with any third party"

ok, what's about the payement page:
Just 99.99 without any explanation, even the currency symbol is unknown, what a serious site.

And for the story i tried to call 1-866-286-6162 to insult them and tell them how much i hate their ugly code etc.. but there was no available representatives..

CVE-2014-0188 (openshift)

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.

Android/FakeToken.A

OTP forwarder dumped months ago.

Login:

Statistics:

Bots:

Bot:

Passwords:

Send a command:

Commands sent:

Apps:

Apps builder:

MD5s:
2d4770137ae0b91446fc2f99d9fdb2b0
f629adcfbcdd4622ad75337ec0b1a0ff
dd4ac55df6500352dd2cad340a36a40f
b9f9614775a54aa42f94eedbc4796446
1fababfd02ea09ae924cd0a7dbfb708c
bc8394bc9c6adbcfca3d450ee4ede44a
1cb87e1716c503bf499e529ee90e5b31
6db5cdd2648fcd445481cdfa2f2b065a
2ad6f8b8e4aaf88b024e1ddb99833b79
8bac185b6aff0bec4686b7f4cb1659c8

App settings:

Settings:

Second panel, a bit different, look like a 'test' one.
Statistics:

Phone:

Phone search:

Settings:

RSA Security talked also about it here

Interview with Michael Santarcangelo – Episode 369, Part 1 – April 10, 2014

Michael Santarcangelo is the catalyst leaders rely on to take friction out of communication connect people to value free up energy to solve problems and achieve higher levels of performance. He continues to write, speak, train on the structure and system to Effectively Communicate Value and serves as advisor to leaders in organizations of all sizes.

ZeusVM and steganography

Months ago, researchers observed an evolution of ZeusVM, time to get back on this family.

For informations,
The first ZeusVM sample i've seen using steganography was the 21 November 2013.
The IP of the C&C have Russian origin: 212.44.64.202
A Sutra TDS who redirect on Nuclear Exploit pack was pushing the payload, Roman of abuse.ch blacklisted 212.44.64.202 one month later on his Zeus tracker.

The first guy who publicly wrote about ZeusVM change is probably Jerome Segura of Malwarebytes.
Actually the latest version i've saw in the wild is 1.0.0.5, and if you want a hash: e4c31d18b92ad6e19cb67be2e38c3bd1 (sample is fresh of today)

Let's have a look on the first server that i've see now... 212.44.64.202.
Pony, Multilocker, Mailers, Grum and an older version of ZeusVM (without steganography) was also hosted on this server but that not the topic.

The filename of login scripts and ZeusVM configs were hardnamed in russian, like:
borodinskoesrajenie.jpg (http://en.wikipedia.org/wiki/Battle_of_Borodino)
vhodtolkodlyaelfov.php (only elves can enter)
logovoelfov.php (elf's den)
domawniypitomec.php (domestic animal)
jivotnoe.php (animal)
larecotkryt.php (the chest is open)
And so on.. overall the panel design seem back to the original zeus style (not like the previous 'generation' of ZeusVM with casper)

/kec/:

/luck/:

/ass/:

/kbot/:

/ksks/:

/one/:

/two/ (unused):

/three/ (unused):

/four/ (unused):

Now, for decoding those ZeusVM images, as described by Jerome, you just need to strip the image and do the following: Base64+RC4+VisualDecrypt+UCL Decompress

Here are some 'malicious' image from 212.44.64.202:
mix.jpg:
mix.jpg:
mix.jpg:
mix.jpg:
config.jpg:
kartamestnosti.jpg:
webi_test.jpg:
uwliottrekera.jpg:
 test_vnc2.jpg:
x64hook.jpg:

Some configs was done for tests:

And some wasn't for test, targeting banks with MiTB.
Malicious code injection, on a ZeusVM botnet targeting France:

Lame webinject:


CCGRAB:
ATSEngine:

Nowadays more actors start to use ZeusVM, like the group who was using the 'private' version of Citadel 3.1.0.0 and the group who was targeting Japan.
Both switched on ZeusVM as alternative of Citadel.

You can find the samples related to 212.44.64.202 with config and decoded here:
http://temari.fr/vx/ZeusVMs_212.44.64.202.7z

Some other ZeusVM samples (not related to 212.44.64.202):
http://temari.fr/vx/ZeusVMs_v1.0.0.2_v1.0.0.5.7z





root/root

Statement: OpenSSL "Heartbleed" and Smoothwall

Some of our customers have been asking about Smoothwall's vulnerability to the "Heartbleed" issue in OpenSSL. We can confirm that our version of OpenSSL is not vulnerable to this issue, and our version of GnuTLS has also been upgraded as of update73 to resolve another possible, but unrelated, SSL vulnerability, of which OpenSSL's is the latest of 3 recent issues in SSL implementations.

Smoothwall users are protected from Apple's recent bug (link below) by browsing through the web filter, however they are not immune to the "Heartbleed" issue where present on other web sites and services (though a MITM filtered connection is perhaps marginally harder to attack).

More information on each issue can be found here:
OpenSSL "Heartbleed"
GNUTLS issue
Apple "Goto fail"

Windows Internet Guard

Windows Internet Guard is a fake Antivirus. This rogue displays fake alerts to scare users. It replaces Windows Internet Watchdog, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit, Windows Security Master, Windows Defence Unit, Windows Protection Booster, Windows AntiVirus Booster, Windows AntiVirus Helper, Windows AntiVirus Tool, Windows Antivirus Suite, Windows AntiBreach Helper, Windows AntiBreach Suite, Windows AntiBreach Tool, Windows Paramount Protection, Windows Antivirus Master, Windows Safety Master, Windows Ultimate Booster, Windows Efficiency Kit, Windows Prime Accelerator, Windows Prime Shield, Windows Prime Booster, Windows Virtual Protector, Windows Accelerator Pro, Windows Premium Shield, Windows Efficiency Console, Windows Activity Booster, Windows Warding Module, Windows Active HotSpot, Windows Cleaning Toolkit, Windows Expert Console, Windows Safety Series, Windows Secure Workstation, Windows Anti-Malware Patch, Windows Virtual Security, Windows Antivirus Release, Windows Interactive Safety, Windows Ultimate Safeguard, Windows Antivirus Machine, Windows Active Guard, Windows Security Renewal, Windows Home Patron, Windows Virtual Firewall, Windows Premium Defender, Windows Web Combat, Windows Virtual Angel, Windows Profound Security, Windows Expert Series, Windows Virus Hunter, Windows Web Commander, Windows Interactive Security, Windows Proprietary Advisor, Windows Privacy Extension, Windows Custom Management, Windows Pro Defence, Windows Control Series, Windows Advanced Toolkit, Windows Proactive Safety, Windows Maintenance Guard, Windows Secure Web Patch, Windows Active Defender, Windows Instant Scanner, Windows Privacy Counsel, Windows Custom Safety, Windows Privacy Module, Windows Maintenance Suite, Windows PC Aid, Windows Safety Wizard, Windows TurnKey Console, Windows Malware Firewall, Windows Antivirus Rampart, Windows Ultimate Security Patch, Windows Defence Counsel, Windows Guard Tools, Windows Safety Maintenance, Windows Multi Control System, Windows Pro Safety, Windows Private Shield, Windows Pro Safety Release, Windows Safeguard Upgrade, Windows Secure Surfer, Windows Be-on-Guard Edition, Windows Abnormality Checker, Windows Pro Solutions, Windows Sleek Performance, Windows ProSecurity Scanner, Windows Advanced User Patch, Windows Internet Booster, Windows Pro Web Helper, Windows Daily Adviser, Windows Safety Module, Windows High-End Protection, Windows Recovery Series, Windows Safety Checkpoint, Windows Premium Guard, Windows Efficiency Accelerator, Windows Performance Adviser, Windows Pro Rescuer, Windows Safety Toolkit, Windows Antivirus Care, Windows Guard Solutions, Windows Safety Manager, Windows Antivirus Patch, Windows Protection Unit, Windows Crucial Scanner, Windows Foolproof Protector, Windows Antibreaking System, Windows Component Protector, Windows Cleaning Tools, Windows Stability Maximizer, Windows Processes Accelerator, Windows Efficiency Reservoir, Windows Care Taker, Windows Custodian Utility, Windows Shielding Utility, Windows Warding System, Windows Activity Debugger, Windows First-Class Protector, Windows Trouble Taker, Windows Managing System, Windows Defending Center, Windows Debug Center, Windows No-Risk Agent, Windows Software Saver, Windows Antihazard Helper, Windows AntiHazard Center, Windows Process Director, Windows Guardian Angel, Windows Software Keeper, Windows Problems Stopper, Windows Health Keeper, Windows No-Risk Center, Windows Antihazard Solution, Windows Risk Minimizer, Windows Managing System, Windows Safety Tweaker, Windows Tools Patch, Windows Personal Doctor, Windows Personal Detective, Windows Trojans Sleuth, Windows Malware Sleuth, Windows Trojans Inspector, Windows Attacks Defender, Windows Attacks Preventor, Windows Threats Destroyer, Windows Firewall Constructor, Windows Stability Guard, Windows Basic Antivirus, Windows PRO Scanner, Windows Shield Tool, Windows Telemetry Center, Windows Performance Catalyst, Windows Smart Partner, Windows Smart Warden, Windows Functionality Checker, Windows Protection Master




To register (and help removal), copy paste this code: 0W000-000B0-00T00-E0021

Interview with Josh Abraham – Episode 368, Part 1 – April 3, 2014

At Praetorian, Josh Abraham is a key member of the technical execution team. In this capacity, he is responsible for leading, directing and executing client-facing engagements that include Praetorian's tactical and strategic service offerings.

Over the years, Josh has become a well-known resource for his contributions to the information security space. An avid researcher and presenter, Josh has spoken at numerous conferences including BlackHat, DefCon, BSides, ShmooCon, The SANS Pentest Summit, Infosec World, SOURCE, CSI, OWASP, LinuxWorld and Comdex.

Windows Internet Watchdog

Windows Internet Watchdog is a fake Antivirus. This rogue displays fake alerts to scare users. It replaces Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit, Windows Security Master, Windows Defence Unit, Windows Protection Booster, Windows AntiVirus Booster, Windows AntiVirus Helper, Windows AntiVirus Tool, Windows Antivirus Suite, Windows AntiBreach Helper, Windows AntiBreach Suite, Windows AntiBreach Tool, Windows Paramount Protection, Windows Antivirus Master, Windows Safety Master, Windows Ultimate Booster, Windows Efficiency Kit, Windows Prime Accelerator, Windows Prime Shield, Windows Prime Booster, Windows Virtual Protector, Windows Accelerator Pro, Windows Premium Shield, Windows Efficiency Console, Windows Activity Booster, Windows Warding Module, Windows Active HotSpot, Windows Cleaning Toolkit, Windows Expert Console, Windows Safety Series, Windows Secure Workstation, Windows Anti-Malware Patch, Windows Virtual Security, Windows Antivirus Release, Windows Interactive Safety, Windows Ultimate Safeguard, Windows Antivirus Machine, Windows Active Guard, Windows Security Renewal, Windows Home Patron, Windows Virtual Firewall, Windows Premium Defender, Windows Web Combat, Windows Virtual Angel, Windows Profound Security, Windows Expert Series, Windows Virus Hunter, Windows Web Commander, Windows Interactive Security, Windows Proprietary Advisor, Windows Privacy Extension, Windows Custom Management, Windows Pro Defence, Windows Control Series, Windows Advanced Toolkit, Windows Proactive Safety, Windows Maintenance Guard, Windows Secure Web Patch, Windows Active Defender, Windows Instant Scanner, Windows Privacy Counsel, Windows Custom Safety, Windows Privacy Module, Windows Maintenance Suite, Windows PC Aid, Windows Safety Wizard, Windows TurnKey Console, Windows Malware Firewall, Windows Antivirus Rampart, Windows Ultimate Security Patch, Windows Defence Counsel, Windows Guard Tools, Windows Safety Maintenance, Windows Multi Control System, Windows Pro Safety, Windows Private Shield, Windows Pro Safety Release, Windows Safeguard Upgrade, Windows Secure Surfer, Windows Be-on-Guard Edition, Windows Abnormality Checker, Windows Pro Solutions, Windows Sleek Performance, Windows ProSecurity Scanner, Windows Advanced User Patch, Windows Internet Booster, Windows Pro Web Helper, Windows Daily Adviser, Windows Safety Module, Windows High-End Protection, Windows Recovery Series, Windows Safety Checkpoint, Windows Premium Guard, Windows Efficiency Accelerator, Windows Performance Adviser, Windows Pro Rescuer, Windows Safety Toolkit, Windows Antivirus Care, Windows Guard Solutions, Windows Safety Manager, Windows Antivirus Patch, Windows Protection Unit, Windows Crucial Scanner, Windows Foolproof Protector, Windows Antibreaking System, Windows Component Protector, Windows Cleaning Tools, Windows Stability Maximizer, Windows Processes Accelerator, Windows Efficiency Reservoir, Windows Care Taker, Windows Custodian Utility, Windows Shielding Utility, Windows Warding System, Windows Activity Debugger, Windows First-Class Protector, Windows Trouble Taker, Windows Managing System, Windows Defending Center, Windows Debug Center, Windows No-Risk Agent, Windows Software Saver, Windows Antihazard Helper, Windows AntiHazard Center, Windows Process Director, Windows Guardian Angel, Windows Software Keeper, Windows Problems Stopper, Windows Health Keeper, Windows No-Risk Center, Windows Antihazard Solution, Windows Risk Minimizer, Windows Managing System, Windows Safety Tweaker, Windows Tools Patch, Windows Personal Doctor, Windows Personal Detective, Windows Trojans Sleuth, Windows Malware Sleuth, Windows Trojans Inspector, Windows Attacks Defender, Windows Attacks Preventor, Windows Threats Destroyer, Windows Firewall Constructor, Windows Stability Guard, Windows Basic Antivirus, Windows PRO Scanner, Windows Shield Tool, Windows Telemetry Center, Windows Performance Catalyst, Windows Smart Partner, Windows Smart Warden, Windows Functionality Checker, Windows Protection Master




To register (and help removal), copy paste this code: 0W000-000B0-00T00-E0021

The Evolution of Mobile Security

Today, I posted a blog entry to the Oracle Identity Management blog titled Analyzing How MDM and MAM Stack Up Against Your Mobile Security Requirements. In the post, I walk through a quick history of mobile security starting with MDM, evolving into MAM, and providing a glimpse into the next generation of mobile security where access is managed and governed along with everything else in the enterprise. It should be no surprise that's where we're heading but as always I welcome your feedback if you disagree.

Here's a brief excerpt:
Mobile is the new black. Every major analyst group seems to have a different phrase for it but we all know that workforces are increasingly mobile and BYOD (Bring Your Own Device) is quickly spreading as the new standard. As the mobile access landscape changes and organizations continue to lose more and more control over how and where information is used, there is also a seismic shift taking place in the underlying mobile security models.
Mobile Device Management (MDM) was a great first response by an Information Security industry caught on its heels by the overwhelming speed of mobile device adoption. Emerging at a time when organizations were purchasing and distributing devices to employees, MDM provided a mechanism to manage those devices, ensure that rogue devices weren’t being introduced onto the network, and enforce security policies on those devices. But MDM was as intrusive to end-users as it was effective for enterprises.
Continue Reading

Windows Web Watchdog

Windows Web Watchdog is a fake Antivirus. This rogue displays fake alerts to scare users. It replaces Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit, Windows Security Master, Windows Defence Unit, Windows Protection Booster, Windows AntiVirus Booster, Windows AntiVirus Helper, Windows AntiVirus Tool, Windows Antivirus Suite, Windows AntiBreach Helper, Windows AntiBreach Suite, Windows AntiBreach Tool, Windows Paramount Protection, Windows Antivirus Master, Windows Safety Master, Windows Ultimate Booster, Windows Efficiency Kit, Windows Prime Accelerator, Windows Prime Shield, Windows Prime Booster, Windows Virtual Protector, Windows Accelerator Pro, Windows Premium Shield, Windows Efficiency Console, Windows Activity Booster, Windows Warding Module, Windows Active HotSpot, Windows Cleaning Toolkit, Windows Expert Console, Windows Safety Series, Windows Secure Workstation, Windows Anti-Malware Patch, Windows Virtual Security, Windows Antivirus Release, Windows Interactive Safety, Windows Ultimate Safeguard, Windows Antivirus Machine, Windows Active Guard, Windows Security Renewal, Windows Home Patron, Windows Virtual Firewall, Windows Premium Defender, Windows Web Combat, Windows Virtual Angel, Windows Profound Security, Windows Expert Series, Windows Virus Hunter, Windows Web Commander, Windows Interactive Security, Windows Proprietary Advisor, Windows Privacy Extension, Windows Custom Management, Windows Pro Defence, Windows Control Series, Windows Advanced Toolkit, Windows Proactive Safety, Windows Maintenance Guard, Windows Secure Web Patch, Windows Active Defender, Windows Instant Scanner, Windows Privacy Counsel, Windows Custom Safety, Windows Privacy Module, Windows Maintenance Suite, Windows PC Aid, Windows Safety Wizard, Windows TurnKey Console, Windows Malware Firewall, Windows Antivirus Rampart, Windows Ultimate Security Patch, Windows Defence Counsel, Windows Guard Tools, Windows Safety Maintenance, Windows Multi Control System, Windows Pro Safety, Windows Private Shield, Windows Pro Safety Release, Windows Safeguard Upgrade, Windows Secure Surfer, Windows Be-on-Guard Edition, Windows Abnormality Checker, Windows Pro Solutions, Windows Sleek Performance, Windows ProSecurity Scanner, Windows Advanced User Patch, Windows Internet Booster, Windows Pro Web Helper, Windows Daily Adviser, Windows Safety Module, Windows High-End Protection, Windows Recovery Series, Windows Safety Checkpoint, Windows Premium Guard, Windows Efficiency Accelerator, Windows Performance Adviser, Windows Pro Rescuer, Windows Safety Toolkit, Windows Antivirus Care, Windows Guard Solutions, Windows Safety Manager, Windows Antivirus Patch, Windows Protection Unit, Windows Crucial Scanner, Windows Foolproof Protector, Windows Antibreaking System, Windows Component Protector, Windows Cleaning Tools, Windows Stability Maximizer, Windows Processes Accelerator, Windows Efficiency Reservoir, Windows Care Taker, Windows Custodian Utility, Windows Shielding Utility, Windows Warding System, Windows Activity Debugger, Windows First-Class Protector, Windows Trouble Taker, Windows Managing System, Windows Defending Center, Windows Debug Center, Windows No-Risk Agent, Windows Software Saver, Windows Antihazard Helper, Windows AntiHazard Center, Windows Process Director, Windows Guardian Angel, Windows Software Keeper, Windows Problems Stopper, Windows Health Keeper, Windows No-Risk Center, Windows Antihazard Solution, Windows Risk Minimizer, Windows Managing System, Windows Safety Tweaker, Windows Tools Patch, Windows Personal Doctor, Windows Personal Detective, Windows Trojans Sleuth, Windows Malware Sleuth, Windows Trojans Inspector, Windows Attacks Defender, Windows Attacks Preventor, Windows Threats Destroyer, Windows Firewall Constructor, Windows Stability Guard, Windows Basic Antivirus, Windows PRO Scanner, Windows Shield Tool, Windows Telemetry Center, Windows Performance Catalyst, Windows Smart Partner, Windows Smart Warden, Windows Functionality Checker, Windows Protection Master




To register (and help removal), copy paste this code: 0W000-000B0-00T00-E0021